Generating an IP ACL generates an invalid format ACL

[tbaschak]

bgpq4/bgpq4_printer.c

Line 1323 in b8e92b5

fprintf(f, " permit ip host %s host %s\n", prefix,

Example of buggy output from the mailing list:
https://tcp0.com/pipermail/bgpq4/2020-January/000002.html

./bgpq4 -E -l FASTNET-ipv4-in AS-FASTNETCOMM
no ip access-list extended FASTNET-ipv4-in
ip access-list extended FASTNET-ipv4-in
 permit ip host 23.133.64.0 host 255.255.255.0
 permit ip host 23.166.32.0 host 255.255.255.0
 permit ip host 64.234.118.0 host 255.255.255.0
 permit ip host 158.51.210.0 host 255.255.254.0
 permit ip host 158.51.244.0 host 255.255.252.0
 permit ip host 161.38.14.0 host 255.255.255.0
 permit ip host 161.129.245.0 host 255.255.255.0
 permit ip host 162.249.40.0 host 255.255.252.0
 permit ip host 162.249.40.0 host 255.255.254.0
 permit ip host 162.249.42.0 host 255.255.254.0
 permit ip host 192.219.0.0 host 255.255.255.0
 permit ip host 199.87.156.0 host 255.255.255.0

There shouldn't be host listed a second time on the line.

I believe the correct code may be as follows, but I'm not 100% confident this code isn't used by other functions other than generating an extended ACL.

fprintf(f, " permit ip %s %s\n", prefix,
	inet_ntoa(*(struct in_addr*) & netmask));

[tbaschak]

(I might be misunderstanding what the -E option is intended to be used for)

[job]

yeah, this seems somewhat broken

[tbaschak]

Stefan de Kooter pointed me to this blog which points to what those extended access-lists are probably used for: https://blog.ine.com/2008/01/04/using-extended-access-lists-in-a-distribute-list

Changing this would likely break users who are using bgpq4 for this purpose.